When you have a sufficiently large mass of non-technical end users, inevitably some percentage of them will end up doing something like enabling WAN-interface-facing remote admin access, which then gets pwned and turned into a botnet. It's a real problem at scale. Compromised CPE routers in addition to people visiting virus/trojan-laden webservers and infecting their endpoint devices.
Good example: https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389

On Fri, Oct 27, 2023 at 3:37 PM John Levine <jo...@iecc.com> wrote:

> It appears that Bryan Fields <br...@bryanfields.net> said:
> >-=-=-=-=-=-
> >-=-=-=-=-=-
> >On 10/27/23 7:49 AM, John Levine wrote:
> >> But for obvious good reasons,
> >> the vast majority of their customers don't
> >
> >I'd argue that as a service provider deliberately messing with DNS is an
> >obvious bad thing. They're there to deliver packets.
>
> For a network feeding a data center, sure. For a network like
> Charter's which is feeding unsophisticated nontechnical users, they
> need all the messing they can get.
>
> If you're one of the small minority of retail users that knows enough
> about the technology to pick your own resolver, go ahead. But it's
> a reasonable default to keep malware out of Grandma's iPad.
>
> R's,
> John
>